Using PortSentry on CentOS to Guard Against Malicious Scanning

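Ports are the front door of a server, so securing them matters. When a server runs many services and exposes them externally, portsentry can be used to confuse anyone maliciously probing what the server is used for.

portsentry can be configured to listen on specified TCP/UDP ports. When it is scanned, it responds as if those ports were open and records information about the scanner, which can then be handled accordingly: blocked by the firewall, re-routed, or passed to a custom script.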

Lab environment

centos-5.8

Software used

gcc gcc-c++

portsentry-1.2.tar.gz

Installation

yum install -y gcc gcc-c++

tar zxvf portsentry-1.2.tar.gz

cd portsentry_beta/

vim portsentry.c

Line 1584 must not be wrapped across lines when compiling:

printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");

make linux

make install

vim /usr/local/psionic/portsentry/portsentry.conf

#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"

#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"

These two lines define the port policy.

IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"

This line defines the denied IPs.

BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"

This line defines the log of denied IPs.

BLOCK_UDP="1"

BLOCK_TCP="1"

Action taken against a scanning IP: 0 = no action, 1 = block with the firewall, 2 = run a script.

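KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP"

Blocks the scanner with iptables. (The ipfw form of this line, /sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any, is for FreeBSD and does not apply on CentOS.)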

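/usr/local/psionic/portsentry/portsentry -tcp     # Basic TCP port binding; uses the ports from the configuration file

/usr/local/psionic/portsentry/portsentry -udp     # Basic UDP port binding; uses the ports from the configuration file

/usr/local/psionic/portsentry/portsentry -stcp    # TCP stealth detection; only logs, does not report the port as open

/usr/local/psionic/portsentry/portsentry -sudp    # UDP stealth detection; only logs, does not report the port as open

/usr/local/psionic/portsentry/portsentry -atcp    # TCP advanced stealth detection; chooses the monitored ports automatically

/usr/local/psionic/portsentry/portsentry -audp    # UDP advanced stealth detection; chooses the monitored ports automatically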

Verification

nmap -sS www.2cto.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-06-11 22:35 CST
Interesting ports on typecho.domain.com (192.168.1.2):
Not shown: 1654 closed ports
PORT STATE SERVICE
1/tcp open tcpmux
11/tcp open systat
15/tcp open netstat
22/tcp open ssh
79/tcp open finger
80/tcp open http
111/tcp open rpcbind
119/tcp open nntp
143/tcp open imap
443/tcp open https
540/tcp open uucp
635/tcp open unknown
1080/tcp open socks
1524/tcp open ingreslock
2000/tcp open callbook
3306/tcp open mysql
6667/tcp open irc
12345/tcp open NetBus
12346/tcp open NetBus
27665/tcp open Trinoo_Master
31337/tcp open Elite
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
54320/tcp open bo2k
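
With PortSentry running in -tcp mode, a scan like the one above mixes decoy ports with real services. The following is an added example, not part of the original article: it reads the active TCP_PORTS line and labels each open port as a decoy or a real service. The configuration fragment is constructed, and the function names conf_ports and classify_scan are made up for this illustration.

```shell
#!/bin/sh
# Added example: label scanned ports as PortSentry decoys or real services.

# Print the ports of every active (uncommented) VAR="..." line, space-separated.
conf_ports() {   # usage: conf_ports TCP_PORTS < portsentry.conf
    awk -v var="$1" -F'"' '$1 ~ "^[ \t]*" var "=$" { print $2 }' | tr ',\n' '  '
}

# Read nmap port-table rows on stdin; $1 is the space-separated decoy list.
classify_scan() {
    awk -v list="$1" '
        BEGIN { n = split(list, p, " "); for (i = 1; i <= n; i++) decoy[p[i]] = 1 }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, f, "/")
            print f[1], ((f[1] in decoy) ? "decoy" : "service")
        }'
}

sample_conf() {   # constructed portsentry.conf fragment (assumption)
cat <<'EOF'
#TCP_PORTS="1,7,9,11,15,70,79,80"
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,6667,12345,31337,54320"
EOF
}

sample_scan() {   # a few rows copied from the nmap table above
cat <<'EOF'
PORT STATE SERVICE
1/tcp open tcpmux
22/tcp open ssh
79/tcp open finger
80/tcp open http
443/tcp open https
3306/tcp open mysql
31337/tcp open Elite
EOF
}

sample_scan | classify_scan "$(sample_conf | conf_ports TCP_PORTS)"
```

Lines that begin with # are skipped, so port 80 in the commented-out list is reported as a real service. A port that appears in the active list is labelled a decoy purely from the configuration, so keep real service ports out of TCP_PORTS.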

View the firewall block record
cat /etc/hosts.deny
ALL: 192.168.1.6

At this point, the PortSentry setup is complete.
